Position Information

NY HELPNo

AgencyState Comptroller, Office of the

TitleInformation Technology Specialist 2 (Information Security) - Item# 00706

Occupational CategoryI.T. Engineering, Sciences

Salary Grade18

Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)

Salary RangeFrom $56604 to $71980 Annually

Employment Type Full-Time

Appointment Type Contingent Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Schedule

Workweek Mon-Fri

Hours Per Week 37.50

Workday

From 8 AM

To 4 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

Location

County Albany

Street Address 110 State Street

City Albany

StateNY

Zip Code12236

Job Specifics

Minimum Qualifications Non-Competitive Qualifications:

Bachelor’s degree* in Information Security, Cyber Security, Digital Forensics, Information Assurance, or Information Technology related field, OR bachelor's degree with 15 credit hours in Cyber Security, Information Assurance, or Informational Technology. * Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Bachelor’s degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance.

Duties Description · Review cloud designs to determine required security controls for cloud systems and applications.

· Support of Microsoft Cloud Security tools, including but not limited to: Azure Information Protection (AIP), Microsoft Privileged Identity Management, and Microsoft O365 Data Loss Prevention (DLP).

· Monitor cloud security industry standards and recommend improvements to management.

· Review cloud security tools to provide insights and reporting capabilities.

· Perform as a subject matter expert/professional on cloud technology security.

· Assist with development of cloud-specific security policies, standards, and procedures.

· Assess and make recommendations related to the use and security of cloud services and technologies.

· Provide security assistance and secure solutions to program areas within the Division of the Chief Information Officer (CIO).

· Research new security techniques and methodologies.

· Research products that need upgrading.

· Research and respond to security related questions.

· Assist with meetings on various related topics (attending, organizing, taking notes, and assessing security control strength).

· Assist with gap analysis to ensure policies are in compliance, and address areas that need to be improved.

· Assist with the development and implementation and revision of security policies and standards, consistently addressing the most up-to-date security requirements.

· Review, research, and respond to security requests and exceptions to information security standards and policies.

· Assist with reviewing security risk assessments.

· Assist with defining the security tasks required for projects.

· Assist developers with security requirements.

· Assist with the development of system security plans for projects.

· Review test results from application server scans and suggest remediation solutions.

Additional Comments Preferred Qualifications:

· Working knowledge of:

Ø Computer networks, intrusion detection/prevention systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments.

Ø Government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, LADMF, GDRP).

Ø Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering).

Ø Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, Cloud Security).

· Experience in the following areas:

Ø Cloud Security governance.

Ø Microsoft O365 security.

Ø Microsoft Azure security.

Ø Strong understanding of current and emerging Cloud technologies.

Ø Security policy/standard/guideline implementation.

Ø Conducting risk assessments and evaluating information technology systems for security controls (Secure Systems Development Lifecycle).

Ø Compliance assessments, audit support/response, and compliance/audit remediation.

· Demonstrates excellence in oral and written communication.

· Demonstrated critical thinking, problem solving and analytical skills.

Some positions may require additional credentials or a background check to verify your identity.

Contact Information

Name Daniel Gibbs

Telephone (518) 474-1924

Fax (518) 486-6723

Email Address recruit@osc.state.ny.us

Address

Street Office of Human Resources

110 State Street, 12th Floor

City Albany

State NY

Zip Code 12236

 

Notes on ApplyingInterested candidates should submit a cover letter, resume and the attached template https://web.osc.state.ny.us/recruit/docs/00706_ITS_2_MQTemplate_09_2021.doc to recruit@osc.ny.gov no later than October 29, 2021. Please reference Item #00706 in the subject line of the email, and on the cover letter.

PLEASE NOTE: To obtain the required template; copy and paste the hyper link into your browser, download and save the template

PLEASE NOTE: All candidates MUST complete this template in full to demonstrate they meet the minimum qualifications. Candidates will be selected for interview based SOLELY on the contents provided by them on this template.

IMPORTANT: It is imperative that you provide specific examples to demonstrate your experience for each of the required qualifications listed in this template. Please ensure that you have fully described how you meet the qualifications by providing a FULLY DETAILED description of your experience. Any ambiguity, vagueness, or omissions will not be decided in the candidate’s favor.

When responding, please include the reference number and letters listed in this section. The GOER ID # should not be included.